Telegram malware scams have risen 2000% in the last 2 months: Scam Sniffer

Source Cryptopolitan

Web3 anti-scam platform ScamSniffer has reported a sizable increase in malware scams on Telegram’s social messaging platform. According to the firm, Telegram group malware scams increased by 2000% between November 2024 and January 2025.

This new form of attack started gaining prominence in late 2024 and continues to grow alarmingly. With this tactic, bad actors use fake groups and verification bots to distribute malware that can access users’ devices and steal their assets.

Telegram Groups malware
Telegram malware groups are increasing rapidly. Source: Scam Sniffer

These fraudulent groups, usually advertised as exclusive alpha, airdrop, or trading groups, lure users to execute malicious code or install fake verification software to join the channel. Once executed, these codes and software allow the bad actors full access to users’ devices, where they can collect sensitive information to steal users’ assets.

Scam Sniffer wrote:

“Once you execute their code or install their “verification” software, they can access your passwords, scan for wallet files, monitor your clipboard, and steal browser data.”

While it is hard to determine how much has been lost to this new attack vector, Scam Sniffer noted the increase in the number of such scams, which suggests that it is working.

Malware attacks come in multiple variants 

Telegram malware scams have several variants that muddle up the waters for users. In one variant, the attackers ask users to input their phone number and login code for verification instead of executing any code or installing software. However, the phone number and login code give them access to the users’ Telegram accounts and allow them to take control.

Beyond using Telegram, the attackers also execute the same tactic using fake Cloudflare verification pages that deploy malicious code to the clipboard. The fake page usually contains a prompt asking for extra verification and requesting a user to run the Windows + R command. If successful, the malware becomes part of the device and is added to Windows startups.

With these bad actors using several variants of the same scam, security experts have called on users to be more cautious about what links they click and the software they install. Scam Sniffer noted that most of this malware usually contains invites promising users they do not need to sign anything or connect their wallet, while some also ask users to join groups for real-time updates.

The firm identified some fake bots that scammers use, including OfficialSafeguardRobot,  SafeguardsAuthenticationBot, and safeguardoff_bot. All these bots have naming similarities with real verification bots, with subtle misspellings and changes to mislead users.

Given that the full scope and impact of these new scam tactics remain unknown, experts noted that the best protection is for users to never run an unknown command, install unverified software, or use clip-based verification. As Scam Sniffer observed, no genuine crypto project requires users to run a code before they can join a group.

Shift to Telegram malware due to users’ awareness of phishing 

Scam Sniffer claims that bad actors adopted these new tactics because users are now more aware of traditional phishing tactics. Although phishing continues to result in significant losses, with almost $500 million lost in 2024, the security firm noted that regular phishing incidents have remained stable over the past two months.

Beyond their novelty, Telegram malware scams have a more devastating impact. This malware gives attackers more access to users’ devices, enabling them to hack multiple wallets and wreak more havoc using the sensitive information they glean from victims’ devices.

Interestingly, hackers are not just impersonating crypto influencers to market their fake groups. They are also using fake pages of legitimate crypto projects to target communities and invite them to join groups. Scam Sniffer identified invites for fake Telegram Groups attributed to projects such as Scoutly, Fridon AI, Build, and Hiero.

From Zero to Web3 Pro: Your 90-Day Career Launch Plan

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Nvidia stock sinks 4% as Trump’s tariff plans rattle AI tradeNvidia shares fell over 4% early Monday after US President Donald Trump delivered a stern message about trade tariffs. Trump said on Sunday that no country would be given any special treatment regarding tariffs. He also signed new trade policies into effect on April 2, which he calls “Liberation Day.” This frightened investors, who had […]
Author  NewsBTC
Apr 01, Tue
Nvidia shares fell over 4% early Monday after US President Donald Trump delivered a stern message about trade tariffs. Trump said on Sunday that no country would be given any special treatment regarding tariffs. He also signed new trade policies into effect on April 2, which he calls “Liberation Day.” This frightened investors, who had […]
placeholder
Bitcoin Price Bounces Back—Can It Finally Break Resistance?Bitcoin price started a recovery wave above the $83,500 zone. BTC is now consolidating and might struggle to settle above the $85,500 zone. Bitcoin started a decent recovery wave above the $83,500
Author  NewsBTC
Yesterday 03: 37
Bitcoin price started a recovery wave above the $83,500 zone. BTC is now consolidating and might struggle to settle above the $85,500 zone. Bitcoin started a decent recovery wave above the $83,500
placeholder
Bitcoin Price Struggling but Short-Term Holders Might Be Setting the Stage for $150KBitcoin has recently displayed signs of upward momentum, trading at $85,215, marking a 2.2% increase in just the past day. Despite this short-term gain, the asset remains down by over 21.2% from its
Author  NewsBTC
Yesterday 08: 43
Bitcoin has recently displayed signs of upward momentum, trading at $85,215, marking a 2.2% increase in just the past day. Despite this short-term gain, the asset remains down by over 21.2% from its
placeholder
U.S. March Nonfarm Payroll Preview: Even If Data Aligns with Expectations, Financial Markets May Not Escape the Fate of VolatilityOn 4 April 2025, the United States will release its March Nonfarm Payrolls (NFP) data. The market consensus currently anticipates job growth of 128,000, a decline from February’s 151,000 (Figure 1). W
Author  TradingKey
Yesterday 08: 59
On 4 April 2025, the United States will release its March Nonfarm Payrolls (NFP) data. The market consensus currently anticipates job growth of 128,000, a decline from February’s 151,000 (Figure 1). W
placeholder
Gold price stabilizes ahead of Trump's tariffs announcement on “Liberation Day”Gold price (XAU/USD) stabilizes just above $3,130 at the time of writing on Wednesday following a mean reversal move the prior day after a fresh all-time high got eked out at $3,149 before closing in negative territory.
Author  FXStreet
Yesterday 10: 01
Gold price (XAU/USD) stabilizes just above $3,130 at the time of writing on Wednesday following a mean reversal move the prior day after a fresh all-time high got eked out at $3,149 before closing in negative territory.
goTop
quote